New threat that defeats IE's security. [Archive] - SpeedGuide.net Broadband Community

rmrucker
03-03-02, 07:11 PM
This (http://security.greymagic.com/adv/gm001-ie/) is an interesting demonstration that you guys should see. Even if you disable ActiveX and Scripting in the Internet zone, this vulnerability still exists.

nomahe
03-03-02, 07:35 PM
Just another reason you guys should use Opera. :)

blebs
03-03-02, 08:00 PM
Thanks rmrucker! Have you found anything else lately?

Ken
03-03-02, 09:50 PM
Originally posted by rmrucker
This (http://security.greymagic.com/adv/gm001-ie/) is an interesting demonstration that you guys should see. Even if you disable ActiveX and Scripting in the Internet zone, this vulnerability still exists.

Hey rmrucker,
If I read that correctly, it does not affect IE 5.01 SP2, only 5.5 and higher, correct...

I use 98SE, and IMHO, there is no doubt that IE 5.01 SP2 is the best for me... ;)

Dakota
03-03-02, 10:31 PM
Originally posted by nomahe
Just another reason you guys should use Opera. :)

And if everyone started using Opera, they'd hack the crap out of it too. Don't get a false sense of security because you're using an unpopular browser.

blebs
03-04-02, 05:06 AM
Originally posted by nomahe
Just another reason you guys should use Opera. :)
Not knocking the browser, but it has its problems too!
Check out these many security vulnerabilities for Opera. ;)

http://www.google.com/search?hl=en&q=security+vulnerabilities+in+opera+browser&spell=1

nomahe
03-04-02, 04:43 PM
You guys are correct, but it's nowhere near as bad as IE. ;)
Opera is one of the biggest dl's there is and it's getting bigger all the time too.
I was just j/k around tho in my previous post. I hope you guys took it that way.

Norm
03-04-02, 04:52 PM
Originally posted by nomahe
You guys are correct, but it's nowhere near as bad as IE. ;)
Opera is one of the biggest dl's there is and it's getting bigger all the time too.
I was just j/k around tho in my previous post. I hope you guys took it that way.

np, I'm always up for a good laugh :D

The thing is, how does anyone know if Opera is secure?
Who's testing it as thoroughly as IE is being tested?

It seems to me that the MS software gets all the attention, but other software may be even less secure.
Who would ever know if Opera has security holes, when most people are testing MS IE? :)
Just a thought.

nomahe
03-04-02, 04:58 PM
I agree Norm, just yanking your guys chain and j/k around. :D
I like Opera, but, could care less what browser does/doesn't have what. Everything has their good and bad points to it.
To each their own I say. It's all good. :)

Norm
03-04-02, 05:07 PM
Yep, all is good. :)
For the most part the sites that try to exploit us aren't in our list of favs anyway.

I haven't heard of any problems with IE5.01SP2 for a long time.
I consider any other, later, version of IE to be in the alpha stage.
MS is trying to save on troubleshooters, and is using its customers to test the later versions.
What gets me is why are these newer versions of IE still a problem, when the problems they're having were already fixed in earlier versions?
Beats me!!
I'll stick with my good ole IE 5.01 SP2 for now.

rmrucker
03-04-02, 06:16 PM
Solely because it has taken the lion's share of the market, a vulnerability in IE is a big problem. If you were a cracker, you would try to compromise systems with the browser that the vast majority of people use. You would be much more successful this way. I agree, changing browsers is good for the individual, but realistically we need IE to be as secure as possible for everyone.

This vulnerability occurs because of the way the ActiveX control is installed. Normally you can block ActiveX Controls from being installed by setting the Security options for the Internet zone under Tools | Internet Options | Security tab | Internet zone | Custom Level. If you block ActiveX completely by clicking "Disable" under each ActiveX entry, this is NOT successful in preventing this vulnerability.

This is because the ActiveX control is installed from within the MyComputer zone. There is a workaround described on that web page:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
Change the value of "1004" (DWORD) to 0x3.

This is successful because it changes the zone 0 (MyComputer zone) setting for "Download unsigned ActiveX Controls" to "Disable". While you are there, change the value of 1201 to "3" (0x3) as well. This will change "Initialize and run ActiveX controls and plug-ins not marked as safe" to "Disable" also.

Since this ActiveX control is not signed (nor marked safe), it cannot be downloaded. This is thought not to cause any other problems with the functionality of your computer -- but it still COULD. Many programs use ActiveX in the MyComputer zone -- hopefully any reputable manufacturer would have signed and marked safe their control -- but you never know....

I think this is likely just a temporary workaround -- because a good cracker could potentially fake or steal signatures and safe markings. The final solution should come from MS.

As best I can tell, this only affects IE 5.5 and beyond. So 5.01 is 'safe' -- but isn't it also unsupported by Microsoft?? It will not be updated with any new Security patches. There is no ideal choice...
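
The workaround in the post above, as an added PowerShell example that is not part of the thread or of the linked advisory: it reports the current zone 0 values for 1004 and 1201 and writes 3 (Disable) only when run with -Apply. The -Apply switch and the variable names are this example's own, and the meanings of 0 (Enable) and 1 (Prompt) are the standard URL action policy values, which the thread does not state.

```powershell
# Added example, not from the thread. Run without arguments to audit only.
param([switch]$Apply)   # -Apply is this example's own switch

$zone0   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0'
$disable = 3
# Standard URL action policy values (only 3 = Disable is stated in the post).
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Action IDs and labels as quoted in the post.
$actions = [ordered]@{
    '1004' = 'Download unsigned ActiveX Controls'
    '1201' = 'Initialize and run ActiveX controls and plug-ins not marked as safe'
}

if (-not (Test-Path -Path $zone0)) {
    Write-Warning "Zone 0 key not present for this user: $zone0"
    return
}

foreach ($id in $actions.Keys) {
    # A missing value returns nothing instead of throwing.
    $item   = Get-ItemProperty -Path $zone0 -Name $id -ErrorAction SilentlyContinue
    $before = if ($null -ne $item) { [int]$item.$id } else { $null }

    if ($Apply -and $before -ne $disable) {
        Set-ItemProperty -Path $zone0 -Name $id -Value $disable -Type DWord
    }

    # Re-read so the report shows what is actually stored now.
    $item  = Get-ItemProperty -Path $zone0 -Name $id -ErrorAction SilentlyContinue
    $after = if ($null -ne $item) { [int]$item.$id } else { $null }

    [pscustomobject]@{
        Action   = $id
        Setting  = $actions[$id]
        Before   = if ($null -eq $before) { 'not set' } else { $before }
        After    = if ($null -eq $after)  { 'not set' } else { $after }
        Meaning  = if ($null -ne $after -and $meaning.ContainsKey($after)) { $meaning[$after] } else { 'unknown' }
        Disabled = ($after -eq $disable)
    }
}
```

The Before column records the previous value, so the change can be reverted if a local program that relies on an unsigned control stops working.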

blebs
03-04-02, 06:26 PM
Originally posted by nomahe
I agree Norm, just yanking your guys chain and j/k around. :D
I like Opera, but, could care less what browser does/doesn't have what. Everything has their good and bad points to it.
To each their own I say. It's all good. :)
Hey Norm, check it out. Another newbie Wiseguy :D J/K

Yank away at the chains nomahe. If no one else does, they'll collect rust and make us all rabid!:nod: :D

nomahe
03-04-02, 06:45 PM
Originally posted by blebs99

Hey Norm, check it out. Another newbie Wiseguy :D J/K

Yank away at the chains nomahe. If no one else does, they'll collect rust and make us all rabid!:nod: :D

You might wanna watch it blebs, I only live 20-30 mins from you, I might have to hunt you down if you get too carried away. :D

sorry for crapping on your thread rmrucker, I originally only meant to post that one time. It won't happen again.

rmrucker
03-04-02, 07:27 PM
Don't worry -- I agree with blebs on this one. Yank away -- otherwise this wouldn't be any fun! ;)

Norm
03-04-02, 07:34 PM
Originally posted by blebs99

Hey Norm, check it out. Another newbie Wiseguy :D J/K

Yank away at the chains nomahe. If no one else does, they'll collect rust and make us all rabid!:nod: :D

[Puts nomahe on my list of potential software testers.]

Hey, wanna try a new proggie I made ? :D

j/k
I enjoy the fun too. It'd be pretty depressing around a security forum without a little "yanking" :D

nomahe
03-04-02, 10:31 PM
Hey thanks for the warm welcome guys. In the future I'll try to put my spamming efforts to a better cause, like messin with MadDoctor or something. ;)

rmrucker
03-05-02, 08:45 AM
Here is another fun page that you can use to test the insecurity of IE:
http://home.austin.rr.com/wiredgoddess/thepull/funRun.html

The page is designed poorly, so you have to click the links multiple times to get them to work...

And, the links are designed to work with WinNT/2K/XP only. I don't think they work in WinME -- although it says they do.

greEd
03-05-02, 08:52 AM
I agree with saying IE needs to be as secure as possible, it is the most used and in my opinion best browser out there. On my nix systems I will sometimes use netscape, or opera but even still, I use IE as my main browser on nix ported with WINE, and it still runs and looks better than most browsers.

regards,
greEd

Ken
03-06-02, 09:28 AM
Originally posted by rmrucker
As best I can tell, this only affects IE 5.5 and beyond. So 5.01 is 'safe' -- but isn't it also unsupported by Microsoft?? It will not be updated with any new Security patches. There is no ideal choice...

I changed the values from 0 to 3 in mine, IE 5.01 SP 2

What browser(s) are you using on your 98 boxes, rmrucker?
If higher than 5.01, have you had good success?
Any tweaking to make more stable?
Is 5.01 officially unsupported now?
Thanks!
Ken

rmrucker
03-06-02, 09:55 AM
I use IE6 on several Win98SE boxes -- and I have never had a problem. I think there must be specific reasons why people think you can't use IE6 on Win98. I know many others that use it as well.

As for special settings, well, yes. But mostly having to do with cookie control. Despite what it appears like on the surface, the cookie handling in IE6 is extremely convoluted. The more you read about it, the more you realize the changes that were made were NOT to benefit the end-user. There is an illusion that this new cookie slider is giving the user more control -- but it is not. The process seems to have been designed specifically to assist the advertisers in getting their cookies onto our computers. You don't want to get me started on this topic or I will write three pages of rhetoric!

As for the support of IE5.01, I believe that MS has stopped issuing Critical Updates for that version. The last update to IE 5.01 was the cumulative update released on Feb 11 -- and it only fixed IE 5.01 on Win2K. I may be wrong about this, but I think MS wants users to move up to IE5.5 or 6.0...

Ken
03-06-02, 10:03 AM
Thanks!
From what I gather, support for 98 will be ending soon...

I have not tried IE6, as MS seems to contradict itself. I have read that it isn't recommended for 98, then I have read that it is.
I guess it depends on where you are at MS.

For me 5.5 caused several different problems, some seemingly non related to 5.5, however upon using 5.01 these problems never appeared.

I follow your line of reasoning for cookies and IE6. WOW, the first time MS has ever lied to us, huh! hehehhehehhehhhehhe

Are you comfortable with 6 now?

rmrucker
03-06-02, 04:49 PM
I have no problem with IE6 -- and now that we have mastered the cookie settings, I think it is great. However, the cookie settings I use involve importing a specialized .xml file. This is not for everyone -- but that is the only way to do it!

Ken
03-07-02, 12:45 AM
If you were up to explaining, when you get a chance, I would sure be up to listening...
Ken

rmrucker
03-07-02, 10:04 AM
Care for a little light reading??

http://www.staff.uiuc.edu/~ehowes/ie6-p3p.htm

http://www.staff.uiuc.edu/~ehowes/info2.htm

The first link describes the work that Eric and I did trying to investigate just exactly how cookies are processed in IE6. The second link is a list of many more links that are packed full of information.

Let me know what you think!

Storm90
03-08-02, 10:36 PM
I have used IE6 on Win 98 ever since it came out. Have not had a problem with it. Works great. I keep all the latest updates for IE 6 installed. Plus I use a good firewall. I have heard people complain about it on Win 98. But I have had no problems with it. Plus I get better speed out of it than IE 5.5. I guess it depends on the PC you own and their version of Win98. ;) I use a version of Win 98 with no add-ons from the manufacturer of my PC. :)

JackHamma96
03-11-02, 07:32 PM
Umm, am I the only one who caught a virus from that site?

XMLid.Exploit or was this the whole idea??????

rmrucker
03-11-02, 09:26 PM
Sorry, which site exactly? No, no one I know got a virus from that site -- but then, our computers are set up very securely. It would be unlikely we would get a virus just from visiting a site.

Ken
03-11-02, 09:32 PM
Originally posted by JackHamma96
Umm, am I the only one who caught a virus from that site?

XMLid.Exploit or was this the whole idea??????

Hey JackHamma96,
I sent you an email.
I went to the site and clicked on the sample script links myself, and found no virus, nor did I find one on a full scan of my box after. I use an up to date Anti virus prog.

I have a feeling that you probably encountered it previously...
Let us know if you need help getting rid of it.


Hey rmrucker,
That looks like a very thorough report on IE6!
Sorry that it took so long to get back to you! :o

I may give it a try and see how it works, I will let you know!
Thanks again!
Ken

JackHamma96
03-11-02, 10:06 PM
Thanks for the concern Ken, but I'm pretty sure I didn't recently catch the virus. I just installed my new OS 2 days ago. It cleaned the whole HDD. And I haven't been to any "naughty" sites. I believe I clicked the 1st demonstration at the bottom of the page. And it detected that virus.

"the file simplebind[1].htm is infected with the XMLid.Exploit virus."

After that I deleted all my temporary internet files and ran a full system scan with NAV2002. And it found nothing else.

I'm running Win2k Pro with all the latest patches/updates, Internet Explorer 6.0 w/ latest patches and updates, and NAV2002 w/ Virus Def. 3/8/02.

And on the symantec website the virus was just reported 3/6/02.


Well I just don't know :(

Ken
03-11-02, 10:15 PM
That is strange...
But, as long as it doesn't find one in your box, you should be OK as Norton is consistently rated as one of the best AV progs.

I can not explain it, as it could be many "fluke" type things, not excluding a false report.

I can vouch for rmrucker though. I have known him for almost 2 years and couldn't say anything except that he is "top notch" in TCP/IP and security. And I mean this sincerely...

I have no doubt that he would never post an inappropriate link. I did run that same script myself though, and I didn't get a peep from my box...

I am sorry that it gave you a scare though.

Enjoy the forums! and Welcome to SpeedGuide!
Ken

JackHamma96
03-11-02, 11:03 PM
;) Yeah as long as NAV2k didn't detect anything. It sure scared me I can assure that. :rolleyes:


EDIT: I think I just found a logical explanation for that "virus"

http://www.lockdowncorp.com/bots/testyourbrowser.html


Maybe that site used the XML "virus" to test the exploit as lockdown used the Js.exception "virus" to test the vulnerability.

Ken
03-11-02, 11:16 PM
I can't say as neither was able to get in my box...

Did the site you posted put the file in your box?
If so, please go and get the update...
Ken

rmrucker
03-12-02, 06:28 AM
Well, this appears to be the story.

The "Grey Magic" exploit has been making the rounds on all the security channels. Symantec got wind of it and in their most recent virus definitions they included one for this "exploit"! They entitled it "XMLid.Exploit virus" -- although there is no actual "virus" that uses this "exploit".

You can only get this from that page if you click to download either the "Simple" or the "Advanced" Demonstration files. Surprisingly and disturbingly, even if I "Quarantine" this 'virus', the Run box still works -- NOT a very effective method at stopping this "virus".

Additionally, you can prove that 'quarantining the virus' was ineffective if you look in your ActiveX controls -- you will find that one named "{11111111-1111-1111-1111-111111111111}" was installed! You can check this by clicking Tools|Internet Options|General tab|Temporary internet files|Settings|View Objects. The first object listed will be this one.

Symantec created this definition on March 6, 2002 and it is in the March 8, 2002 definitions -- well after this vulnerability was described and demonstrated on the Grey Magic pages.

http://securityresponse.symantec.com/avcenter/venc/data/xmlid.exploit.html

There is no "virus" being downloaded -- Symantec is just warning you of the vulnerability. But... they do not appear to be protecting you. :(

Ken
03-12-02, 07:03 AM
Thanks Rick!
I do not have it in my box, however, I did click the link...
Do you think that 5.01 SP 2 is not vulnerable to this?
What have others said?

JackHamma96
03-12-02, 07:10 AM
No, I didn't get a {1111-111....} installed. :2cool: I understand what happened now. All it was I clicked simple and NAV2002 popped up saying I have a "virus" oh well, everything's cool now.

rmrucker
03-12-02, 07:10 AM
Correct. The vulnerability begins with IE5.5.

Ken
03-12-02, 07:13 AM
Thanks, that helps a bit! I have been curious a long time whether IE 5.01 SP 2 was not vulnerable or just not supported, as you and I have mentioned before...
Of course, this doesn't solve that question, except for this exploit...